As used throughout this Specification, a “whitelist” includes any sanitized list of computing objects that are authorized to run on a computing device, and that may be modified only by an executable object designated as an updater. An “updater” is thus an executable object that is authorized to modify a group of whitelisted files on the computing device. For example, an updater may be a system update service running on a Microsoft windows system that is configured to download and install patches and updates for installed software. In another example, an updater may be an update daemon running on a Linux or UNIX system, including update daemons provided with common software repositories, such as “ports” and its variants, which may manage a large number of installed packages, including security and feature updates. Updaters may also include individual update agents provided by specific software packages. For example, the Java Runtime Engine (JRE) provided by Oracle Corporation commonly installs a Java update agent that periodically checks for new Java updates.